Common fields

The name of the server that served the transaction.

The name of the server that initiated the transaction.

The name of the logical service that served the transaction.

The name of the logical service that initiated the transaction.

format: dotted notation.

The IP address of the server that served the transaction.

format: dotted notation.

The IP address of the server that initiated the transaction.

format: Dotted notation.

If the server initiating the transaction is a proxy, this field contains the original client IP address. For HTTP, for example, the IP address extracted from a configurable HTTP header, by default X-Forwarded-For. Unless this field is disabled, it always has a value, and it matches the client_ip for non proxy clients.

type: geo_point

example: {lat: 51, lon: 9}

The GeoIP location of the client_ip address. This field is available only if you define a GeoIP Processor as a pipeline in the Ingest GeoIP processor plugin or using Logstash.

format: dotted notation.

The layer 4 port of the process that initiated the transaction.

example: udp

The transport protocol used for the transaction. If not specified, then tcp is assumed.

required: True

The type of the transaction (for example, HTTP, MySQL, Redis, or RUM) or "flow" in case of flows.

format: dotted notation.

The layer 4 port of the process that served the transaction.

The name of the process that served the transaction.

The command-line of the process that served the transaction.

The name of the process that initiated the transaction.

The command-line of the process that initiated the transaction.

The software release of the service serving the transaction. This can be the commit id or a semantic version.